CVE-2013-2111
Published: 27 May 2014
The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
Notes
Author | Note |
---|---|
seth-arnold | "low" because after authentication a user can cause their own process to spin; there are per-(user,IP) connection limits to limit the slowdown. |
mdeslaur | only seems to affect 2.2.x |
Priority
Status
Package | Release | Status |
---|---|---|
dovecot Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(1:2.1.7-7ubuntu3)
|
|
trusty |
Not vulnerable
(1:2.2.9-1ubuntu2)
|
|
upstream |
Released
(2.2.2)
|
|
Patches: upstream: http://hg.dovecot.org/dovecot-2.2/rev/ea0390e1789f |